US11233766B2 - Data transmission method and network device - Google Patents

Data transmission method and network device

Publication number
US11233766B2
Authority
US
United States
Prior art keywords
packet
destination address
address
network
private network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US16/364,064
Other languages
English (en)
Other versions
US20190222552A1 (en)
Inventor
Han Xiao
Chenghao Sun
Jun Liang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Publication of US20190222552A1
Assigned to ALIBABA GROUP HOLDING LIMITED. Assignment of assignors interest (see document for details). Assignors: SUN, CHENGHAO; LIANG, JUN; XIAO, Han
Application granted
Publication of US11233766B2

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/106 Mapping addresses of different types across networks, e.g. mapping telephone numbers to data network addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H04L61/2521 Translation architectures other than single NAT servers
    • H04L61/2535 Multiple local networks, e.g. resolving potential IP address conflicts
    • H04L61/256 NAT traversal
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation

Definitions

  • the present disclosure generally relates to the field of communications, and in particular, to a data transmission method and a network device.
  • VPC virtual private cloud
  • NTP Network Time Protocol
  • a service provider may generally require a user to acquire various basic services by accessing a designated public network address.
  • the problems of the solution include: the user needs to purchase a public network address and bear various costs of public network traffic.
  • the embodiments of the present disclosure can provide a data transmission method and a network device.
  • Some embodiments of the present disclosure can provide a data transmission method.
  • the method can include receiving a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that is considered a designated address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located, converting the first destination address to a second destination address, generating a second packet according to the second destination address and the first packet, and sending the second packet to outside the virtual private network where the virtual private network user is located.
  • converting the first destination address to obtain a second destination address includes: parsing the first packet to obtain an internal destination address and a virtual network identifier, determining the first destination address according to the internal destination address, and determining, according to the virtual network identifier, network identifier information of the virtual private network where the virtual private network user is located, searching a pre-configured address mapping table for a destination address to which the first destination address and the network identifier information correspond jointly, and in response to the destination address to which the first destination address and the network identifier information correspond jointly being found, determining the found destination address as the second destination address.
  • generating a second packet according to the second destination address and the first packet includes: in response to a determination that the first packet abides by a first format, converting the first format into a second format, and
  • converting the first format into the second format includes: replacing first header information abiding by the first format in the first packet with second header information abiding by the second format, wherein the first header information includes at least one of an internal source address, an internal destination address, a virtual network identifier, an external source address, or an external destination address, and the second header information includes at least one of a source address or a destination address, and encapsulating packet information carried by the first packet and the second destination address according to the second format in the second packet includes: encapsulating the second header information and the packet information in the second packet, wherein the source address carried in the second header information is an address of the network device, and the carried destination address is the second destination address.
  • sending the second packet to the exterior of the virtual private network where the virtual private network user is located includes: determining a next-hop device according to the second destination address and a routing table, wherein the next-hop device is located outside the virtual private network where the virtual private network user is located, and sending the second packet to the next-hop device.
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a Virtual Private Cloud (VPC) network.
  • the first format is a Virtual Extensible Local Area Network (VXLAN) format
  • the second format is a Virtual Local Area Network (VLAN) format.
  • the first destination address and the second destination address correspond to a server.
  • the server is one of an NTP server or an encryption server.
  • Some embodiments of the present disclosure further provide a data transmission method.
  • the method can include receiving a first packet sent by a user in a first-class network, wherein the first packet carries a first destination address that is considered a designated address in a second-class network, and the designated address neither belongs to an address range that has been configured for the first-class network nor belongs to an address range that has been configured for a third-class network, converting the first destination address to a second destination address, generating a second packet according to the second destination address and the first packet, and sending the second packet to the second-class network.
  • Some embodiments of the present disclosure further provide a data transmission method.
  • the method can include receiving a first packet sent by a network device, wherein the first packet carries the first source address, converting the first source address to a second source address, wherein the second source address is considered a designated address that does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located, generating a second packet according to the second source address and the first packet, and sending the second packet to the interior of the virtual private network where the virtual private network user is located.
  • converting the first source address to a second source address includes: parsing the first packet to obtain the first source address, searching a pre-configured address mapping table for a source address to which the first source address corresponds, and in response to a source address to which the first source address corresponds being found, setting the found source address as the second source address.
  • generating a second packet according to the second source address and the first packet includes: in response to a determination that the first packet abides by a first format, converting the first format into the second format, and encapsulating packet information carried by the first packet and the second source address according to the second format in the second packet.
  • converting the first format into the second format includes: replacing first header information abiding by the first format in the first packet with second header information abiding by the second format, wherein the first header information includes at least a source address and a destination address, and the second header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address, and encapsulating packet information carried by the first packet and the second destination address according to the second format to obtain the second packet includes: encapsulating the second header information and the packet information in the second packet, wherein the source address carried in the second header information is an address of the network device, and the carried destination address is the second destination address.
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a Virtual Private Cloud (VPC) network.
  • the first format is a Virtual Local Area Network (VLAN) format
  • the second format is a Virtual Extensible Local Area Network (VXLAN) format.
  • the first source address and the second source address correspond to a server.
  • the server is one of an NTP server or an encryption server.
  • Some embodiments of the present disclosure further provide a data transmission method, including receiving a first packet sent by a device in a second-class network, wherein the first packet carries a first source address, converting the first destination address to a second source address, wherein the second source address is considered a designated address in the second-class network, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located, generating a second packet according to the second destination address and the first packet, and sending the second packet to the interior of the virtual private network where the virtual private network user is located.
  • Some embodiments of the present disclosure further provide a network device, including a receiving unit configured to receive a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that is considered a designated address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located, a converting unit configured to convert the first destination address to obtain a second destination address, a generating unit configured to generate a second packet according to the second destination address and the first packet, and a sending unit configured to send the second packet to the exterior of the virtual private network where the virtual private network user is located.
  • Some embodiments of the present disclosure further provide a network device, including a receiving unit configured to receive a first packet sent by a user in a first-class network, wherein the first packet carries a first destination address that is considered a designated address in a second-class network, and the designated address neither belongs to an address range that has been configured for the first-class network nor belongs to an address range that has been configured for a third-class network, a converting unit configured to convert the first destination address to obtain a second destination address, a generating unit configured to generate a second packet according to the second destination address and the first packet, and a sending unit configured to send the second packet to the second-class network.
  • Some embodiments of the present disclosure further provide a network device, including a receiving unit configured to receive a first packet sent by a network device, wherein the first packet carries a first source address, a converting unit configured to convert the first source address to a second source address, wherein the second source address is considered a designated address, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located, a generating unit configured to generate a second packet according to the second source address and the first packet, and a sending unit configured to send the second packet to the interior of the virtual private network where the virtual private network user is located.
  • Some embodiments of the present disclosure further provide a network device, including a receiving unit configured to receive a first packet sent by a device in a second-class network, wherein the first packet carries a first source address, a converting unit configured to convert the first destination address to a second source address, wherein the second source address is considered a designated address in the second-class network, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located, a generating unit configured to generate a second packet according to the second destination address and the first packet, and a sending unit configured to send the second packet to the interior of the virtual private network where the virtual private network user is located.
  • FIG. 1 is a schematic diagram of an exemplary network architecture according to some embodiments of the present disclosure.
  • FIG. 2 is a diagram of an exemplary data transmission procedure according to some embodiments of the present disclosure.
  • FIG. 3 is a flowchart of an exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 4 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 5 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 6 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 7 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 8 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 9 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 10 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 11 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 12 is a flowchart of an exemplary method for performing data transmission in a scenario according to some embodiments of the present disclosure.
  • FIG. 13 is a flowchart of an exemplary method for performing data transmission in a scenario according to some embodiments of the present disclosure.
  • FIG. 14 is a diagram of an exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 15 is another diagram of an exemplary data transmission method according to some embodiments of the present disclosure.
  • FIG. 16 is a flowchart of an exemplary data transmission system according to some embodiments of the present disclosure.
  • FIG. 17 is a flowchart of an exemplary data transmission system implemented based on an encryption service according to some embodiments of the present disclosure.
  • FIG. 18 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • FIG. 19 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • FIG. 20 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • FIG. 21 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • FIG. 22 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • the term “or” encompasses all possible combinations, except where infeasible. For example, if it is stated that a database may include A or B, then, unless specifically stated otherwise or infeasible, the database may include A, or B, or A and B. As a second example, if it is stated that a database may include A, B, or C, then, unless specifically stated otherwise or infeasible, the database may include A, or B, or C, or A and B, or A and C, or B and C, or A and B and C.
  • the data transmission method and the network device provided in the embodiments of the present disclosure enable a user in a virtual private network to obtain various services provided by corresponding servers only by using a private network that can provide a business service, such that the user in the virtual private network does not need to access networks other than the private network to obtain services. Accordingly, the amount of data traffic is reduced for the user.
  • Some embodiments of the disclosure can be applied to a system architecture constructed by various types of networks.
  • network addresses in the networks of various types can be set separately.
  • Each type of network can be linked by using an address converting device.
  • Various types of networks communicate with each other through gateways, and each gateway is generally provided with an address conversion function, a routing forward function, and other functions.
  • An exemplary data transmission system using the exemplary system architecture shown in FIG. 1 can be shown in FIG. 2.
  • the data transmission procedure includes the following steps.
  • a user in a virtual private network initiates an initial request packet and sends the request packet to a gateway of the virtual private network.
  • the virtual private network can further provide the user with a forwarding device configured for packet forwarding, encapsulation, decapsulation, and other functions, such as a Virtual Extensible Local Area Network (VXLAN) Tunneling End Point (VTEP).
  • the forwarding device is an agent for communication between the user and the exterior of the virtual private network.
  • In step 2, if the virtual private network connected to the gateway and the foregoing private network use different packet formats, the gateway needs to convert the format of the received request packet to adapt to a transmission format in the private network.
  • In step 3, when converting the format, the gateway further needs to search for an actual address of a destination device in the private network according to the destination address in the request packet.
  • In step 4, the gateway encapsulates the actual address and request contents of the request packet in a packet according to a transmission format suitable for the private network.
  • In step 5, the gateway forwards the encapsulated packet according to a path planned in routing.
  • After receiving the request packet, the destination device in the private network can process the request content and return the processing result to the user.
  • the returning procedure is an inverse process of the foregoing steps 1 to 5.
  • the embodiments of the present disclosure provide an exemplary data transmission method by a network device between a virtual private network and a private network, as shown in FIG. 3.
  • the network device can be a gateway, a Server Load Balancing (SLB), and the like.
  • the method can include the following steps.
  • a first packet sent by a virtual private network user is received, wherein a first destination address carried by the first packet is a designated address.
  • the first destination address is a server address configured for the user in the virtual private network according to actual implementation and is generally different from an actual network address of a server in the private network.
  • the designated address does not belong to an address range that has been configured for the virtual private network where the virtual private network user is located.
  • the designated address can be a network address in the foregoing private network.
  • the designated address can be configured as a server (such as an NTP server or an encryption server) address that provides a corresponding basic service (such as an NTP service and an encryption service), such that the user does not need to purchase addresses in other networks including the public network and bear costs of various types of network traffic. If a business network is also connected to other private networks and can communicate with this private network, traffic accessing the foregoing various types of basic services should be prevented from flowing to the other private networks. Therefore, it can also be required that the designated address does not belong to an address range that has been configured for one or more designated networks among the other private networks.
  • the first packet can be a request packet for acquiring a basic service.
  • the destination address carried in the packet is not within the address range in the virtual private network. Therefore, the packet will flow through the gateway to a network outside the private network (in the exemplary architecture shown in FIG. 1, the first packet will flow from the virtual private network to the private network).
  • the first destination address is converted to a second destination address.
  • the second destination address corresponds to the first destination address and is used to indicate an actual network address of the server in the private network. Therefore, the second destination address and the first destination address correspond to a server.
  • a second packet is generated according to the second destination address and the first packet.
  • because the destination address is changed, format conversion and re-encapsulation can be performed on the contents of the first packet to generate the second packet.
  • the second packet is sent outside the virtual private network where the virtual private network user is located.
  • the data transmission method provided in the embodiment of the present disclosure enables a user in a virtual private network to acquire various services provided by corresponding servers only by using a private network that can provide a business service, such that the user in the virtual private network does not need to acquire services by accessing networks other than the private network. Therefore, the traffic is reduced for the user.
  • the designated address is set separately. Therefore, an address mapping table can be configured in the network device to store an association between the designated address and an actual address of a server pointed to by the designated address in the private network. Converting the first destination address to the second destination address, which includes the configuration of the address mapping table, is provided according to the embodiments of the present disclosure, as shown in FIG. 4.
  • the method can include the following steps.
  • the first packet is parsed to obtain an internal destination address and a virtual network identifier.
  • the virtual network identifier is identifier information of the virtual private network where the user is located and is used for distinguishing different virtual private networks.
  • the first destination address is determined according to the internal destination address, and network identifier information of the virtual private network where the virtual private network user is located is determined according to the virtual network identifier.
  • In step 1023, a pre-configured address mapping table is searched for a destination address to which the first destination address and the network identifier information correspond jointly. Not all users have the right to use basic services. Therefore, the virtual network identifier is introduced in the process of searching for the destination address to distinguish different types of users.
  • In step 1024, when a destination address to which the first destination address and the network identifier information correspond jointly is found, the found destination address is determined as the second destination address.
  • IPv4 address ranges commonly used in the private network include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. Therefore, the second destination address mentioned here can be selected from the above three ranges.
  • the designated address can be selected from the address range from 100.64.0.0 to 100.64.0.10.
  • the address range is usually used in the private network, and is usually not configured for a network other than the private network.
  • the first destination address (i.e., the designated address) and the second destination address can be configured as 100.64.10.10 and 10.10.10.101, respectively.
  • the first destination address 100.64.10.10 and virtual network identifier VNI can be mapped to the second destination address 10.10.10.101.
  • the mapping relationship can be added to the address mapping table.
  • the first packet and the second packet that are mentioned in the foregoing may have different packet formats.
  • a first format is converted to the second format if the first packet abides by the first format.
  • step 1032 packet information carried by the first packet and the second destination address are encapsulated according to the second format in the second packet.
  • the first format described here refers to a packet format supported by the virtual private network where the user is located
  • the second format refers to a packet format supported by the private network.
  • the corresponding first format may abide by a Virtual Extensible Local Area Network (VXLAN) format.
  • the corresponding second format may abide by a Virtual LAN (VLAN) format.
  • a corresponding format converting method can be configured.
  • the contents shown above are part of the contents in the corresponding packet.
  • Other necessary information such as a MAC address can further be set according to actual transmission requirements.
  • FIG. 6 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • the method can include the foregoing steps 1031 and 1032 , as shown in FIG. 6 .
  • first header information abiding by the first format (VXLAN) in the first packet is replaced with second header information abiding by the second format (VLAN).
  • the first header information can contain an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address.
  • the second header information can include a source address and a destination address. Therefore, in the process of format conversion, the internal source IP carried in the VXLAN packet can be the source IP of the VLAN packet, and the internal destination IP carried in the VXLAN packet can be the destination IP of the VLAN packet. Other IP addresses and the virtual network identifier in the VXLAN packet are not kept unchanged in the process of format conversion.
  • step 10321 the second header information and the packet information are encapsulated to obtain the second packet.
  • the source IP and the destination IP that are carried in the VLAN packet obtained via format conversion are merely addresses configured for the user inside the virtual private network to use, it is necessary to convert the destination address carried in the second header information into the second destination address, such that the packet can be transmitted to a correct target device.
  • the carried source address is the address of the network device, such that a feedback packet can be received correctly by the network device.
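  • Added example, not code from the patent: the header replacement described above, in Python. It parses the VXLAN header (layout per RFC 7348) and the inner IPv4 header, then rewrites source and destination and recomputes the IPv4 header checksum. Function names are hypothetical, the sample packet is constructed, and the 802.1Q framing of the VLAN side is omitted.

```python
import ipaddress
import struct
from typing import NamedTuple

VXLAN_HDR_LEN, ETH_HDR_LEN, IPV4_MIN_HDR_LEN = 8, 14, 20
VXLAN_FLAG_VNI_VALID = 0x08     # "I" flag of the VXLAN header (RFC 7348)
ETHERTYPE_IPV4 = 0x0800


class InnerFields(NamedTuple):
    vni: int                            # virtual network identifier
    inner_src: ipaddress.IPv4Address    # internal source address
    inner_dst: ipaddress.IPv4Address    # internal destination (designated) address
    inner_ip: bytes                     # inner IPv4 packet, header plus payload


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_vxlan(udp_payload: bytes) -> InnerFields:
    """Extract VNI and inner addresses; raise ValueError on malformed input."""
    if len(udp_payload) < VXLAN_HDR_LEN + ETH_HDR_LEN + IPV4_MIN_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    if not udp_payload[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = int.from_bytes(udp_payload[4:7], "big")
    eth = udp_payload[VXLAN_HDR_LEN:VXLAN_HDR_LEN + ETH_HDR_LEN]
    if struct.unpack("!H", eth[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("inner frame is not IPv4")
    ip = udp_payload[VXLAN_HDR_LEN + ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < IPV4_MIN_HDR_LEN or len(ip) < ihl:
        raise ValueError("bad inner IPv4 header")
    return InnerFields(vni, ipaddress.IPv4Address(ip[12:16]),
                       ipaddress.IPv4Address(ip[16:20]), ip)


def to_private_ipv4(fields: InnerFields, device_addr: str, second_dst: str) -> bytes:
    """Build the private-network IPv4 packet: source becomes the network
    device's address, destination becomes the second destination address."""
    ihl = (fields.inner_ip[0] & 0x0F) * 4
    hdr = bytearray(fields.inner_ip[:ihl])
    hdr[12:16] = ipaddress.IPv4Address(device_addr).packed
    hdr[16:20] = ipaddress.IPv4Address(second_dst).packed
    hdr[10:12] = b"\x00\x00"                      # zero the field before summing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + fields.inner_ip[ihl:]


def build_sample_vxlan(vni: int, src: str, dst: str, data: bytes) -> bytes:
    """Constructed input: VXLAN header, dummy Ethernet header, IPv4 packet."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_MIN_HDR_LEN + len(data),
                      0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    vxlan = bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    return vxlan + eth + hdr + data


if __name__ == "__main__":
    pkt = build_sample_vxlan(1111111, "192.168.1.100", "100.64.10.10", b"constructed")
    fields = parse_vxlan(pkt)
    out = to_private_ipv4(fields, "10.10.10.100", "10.10.10.101")
    print(fields.vni, fields.inner_src, fields.inner_dst, out[:20].hex())
```

  • Rewriting the addresses also invalidates any TCP or UDP checksum in the payload, because those checksums cover the IP addresses through the pseudo-header; a forwarding device has to update that checksum as well.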
  • a routing table related to the second destination address needs to be configured in advance on the gateway between the virtual private network and the private network, such that when a packet sent to the second destination address is received, the packet can be forwarded directly.
  • An exemplary method which can include an exemplary implementation of the foregoing step 104 is shown in FIG. 7 . The method can include the following steps.
  • a next-hop device is determined according to the second destination address and a routing table.
  • the second destination address is a server address in the private network, and therefore, the next-hop device is located outside the virtual private network where the virtual private network user is located.
  • the routing table mentioned here generally needs to be pre-configured or is configured by the gateway through self-learning.
  • step 1042 the second packet is sent to the next-hop device. Steps of traffic flowing from the user side in the virtual private network to the private network side are illustrated above, and steps of traffic flowing from the private network side to the user side in the virtual private network will be described below.
  • FIG. 8 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure. The method includes the following steps.
  • step 201 a first packet sent by a network device in a private network is received, wherein the first packet carries a first source address.
  • step 202 the first source address is converted to a second source address.
  • step 203 a second packet is generated according to the second source address and the first packet.
  • step 204 the second packet is sent to the virtual private network where the virtual private network user is located.
  • Step 201 to step 204 can be an inverse procedure of step 101 to step 104 .
  • step 101 to step 104 illustrate that the user requests a basic service from a private network server
  • step 201 to step 204 illustrate that the server replies to the user request.
  • the first source address and the second destination address are actually the same, both of which are used to represent the actual network address of the server in the private network.
  • the second source address and the first destination address i.e., the designated address
  • the first packet and the second packet described here are both packets delivered to the user side by the server side and are different from the first packet and the second packet that are described in the foregoing.
  • FIG. 9 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • the designated address is set separately. Therefore, an address mapping table can be configured in the network device, so as to store an association between the designated address and an actual address of a server pointed by the designated address in the private network. Converting the first destination address to the second destination address, which includes the configuration of the address mapping table, is shown in FIG. 9.
  • the method can include the following steps.
  • step 2021 the first packet is parsed to obtain the first source address.
  • step 2022 a pre-configured address mapping table is searched for a source address to which the first source address corresponds.
  • step 2023 when a source address to which the first source address corresponds is found, the found source address is determined as the second source address.
  • Step 2021 to step 2023 are inverse to steps 1021 to 1024 .
  • FIG. 10 is a flowchart of another exemplary data transmission method according to some embodiments of the present disclosure.
  • Different types of networks may be configured based on different communication protocols, and therefore, the first packet and the second packet that are mentioned in the foregoing may have different packet formats.
  • the exemplary method which includes an exemplary implementation of the foregoing step 203 , is shown in FIG. 10 .
  • the method can include the following steps.
  • a first format is converted into the second format when the first packet abides by the first format.
  • step 2032 packet information carried by the first packet and the second destination address are encapsulated according to the second format in the second packet.
  • the first format described here refers to a packet format supported by the private network
  • the second format refers to a packet format supported by the virtual private network where the user is located.
  • the private network is a virtual local area network
  • the corresponding first format generally should abide by the VLAN format
  • the corresponding second format generally should abide by the VXLAN format.
  • an exemplary method, which includes an exemplary implementation of steps 2031 and 2032, is shown in FIG. 11.
  • the method can include the following steps.
  • first header information abiding by the first format in the first packet is replaced with second header information abiding by the second format.
  • the first header information includes at least a source address and a destination address
  • the second header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address.
  • the second header information and the packet information are encapsulated in the second packet.
  • the source address carried in the second header information is an address of the network device, and the carried destination address is the second destination address.
  • steps 20311 and 20321 can be an inverse process of steps 10311 and 10321 , that is, the packet is converted from the VLAN format to the VXLAN format and then encapsulated.
  • the steps of traffic flowing from the private network side to the user side in the virtual private network are described in the foregoing, and the implementation procedure can be an inverse process corresponding to the steps of traffic flowing from the user side in the virtual private network to the private network side.
  • FIG. 12 is a flowchart of an exemplary method for performing data transmission in a scenario according to some embodiments of the present disclosure.
  • VPC111111 has a user A
  • VPC222222 has a user B.
  • a source address of the user A in the VPC1111111 is 192.168.1.100
  • an external source address is 10.10.10.11
  • a virtual network identifier is 1111111.
  • a source address of the user A in the VPC2222222 is 192.168.1.100, an external source address is 10.10.10.10, and a virtual network identifier is 2222222.
  • a gateway address of a gateway VPC-GW between the VPC and the private network (supporting the VLAN) is 10.10.10.100.
  • An NTP server informs the user A and the user B about an address 100.64.10.10, and an actual address in the private network is 10.10.10.101.
  • the traffic flowing from the private network side to the user side in the virtual private network can be illustrated with reference to FIG. 12 .
  • the procedure can include the following steps.
  • step 301 the user A sends a packet 1 to the VPC-GW, and the user B sends a packet 2 to the VPC-GW.
  • a header of the packet 1 carries an external source address 10.10.10.11, an external destination address 10.10.10.100, a virtual network identifier 1111111, an internal source address 192.168.1.100, and an internal destination address 100.64.10.10.
  • a header of the packet 2 carries an external source address 10.10.10.10, an external destination address 10.10.10.100, a virtual network identifier 222222, an internal source address 192.168.1.100, and an internal destination address 100.64.10.10.
  • the VPC-GW converts the received packet 1 and packet 2 respectively from the VXLAN format to the VLAN format to obtain a packet 3 and a packet 4 .
  • a header of the packet 3 carries a source address 10.10.10.11 and a destination address 10.10.10.101.
  • a header of the packet 4 carries a source address 10.10.10.10 and a destination address 10.10.10.101.
  • step 303 the VPC-GW sends the packet 3 and the packet 4 to the NTP server according to routing information recorded in the routing table.
  • FIG. 13 is a flowchart of an exemplary method for performing data transmission in a scenario according to some embodiments of the present disclosure.
  • the traffic flowing from the user side in the virtual private network to the private network side can be illustrated with reference to FIG. 13 .
  • the procedure can include the following steps.
  • step 401 the NTP server returns to the VPC-GW a packet 5 that replies to the packet 3 and a packet 6 that replies to the packet 4 .
  • a header of the packet 5 carries a source address 10.10.10.101 and a destination address 10.10.10.11.
  • a header of the packet 6 carries a source address 10.10.10.101 and a destination address 10.10.10.10.
  • the VPC-GW converts the received packet 5 and packet 6 respectively from the VLAN format to the VXLAN format to obtain a packet 7 and a packet 8 .
  • a header of the packet 7 carries an external source address 10.10.10.100, an external destination address 10.10.10.11, a virtual network identifier 1111111, an internal source address 100.64.10.10, and an internal destination address 192.168.1.100.
  • a header of the packet 8 carries an external source address 10.10.10.100, an external destination address 10.10.10.10, a virtual network identifier 222222, an internal source address 100.64.10.10, and an internal destination address 192.168.1.100.
  • step 403 the VPC-GW sends the packet 7 to the user A and sends the packet 8 to the user B, respectively.
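  • Added example, not code from the patent: the FIG. 12 and FIG. 13 exchange (packets 1 to 8) in Python, using the joint lookup on designated address and virtual network identifier from steps 1023 and 1024. Class and function names are hypothetical. The per-flow session table that recovers the VNI and inner destination for a reply is an assumption, since the text does not say how the gateway recovers them; VNI 3333333 and address 10.10.10.12 are constructed to show a tenant without a mapping.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class VxlanPacket:            # VPC side: outer addresses, VNI, inner addresses
    ext_src: str
    ext_dst: str
    vni: int
    inner_src: str
    inner_dst: str
    data: bytes = b""


@dataclass(frozen=True)
class VlanPacket:             # private-network side: one source, one destination
    src: str
    dst: str
    data: bytes = b""


class VpcGateway:
    def __init__(self, gw_addr: str, mapping: Dict[Tuple[str, int], str]):
        self.gw_addr = gw_addr
        # Address mapping table: (designated address, VNI) -> actual server address
        self.mapping = dict(mapping)
        # Inverse table for replies: (actual server address, VNI) -> designated address
        self.reverse = {(actual, vni): des for (des, vni), actual in mapping.items()}
        # Assumption: state kept per forwarded request so that a reply can be
        # matched to its tenant. Key is (VLAN source, VLAN destination).
        self.sessions: Dict[Tuple[str, str], Tuple[int, str]] = {}

    def to_private(self, pkt: VxlanPacket) -> Optional[VlanPacket]:
        """VXLAN -> VLAN. Returns None (drop) when this VNI has no mapping."""
        actual = self.mapping.get((pkt.inner_dst, pkt.vni))
        if actual is None:
            return None
        out = VlanPacket(src=pkt.ext_src, dst=actual, data=pkt.data)
        self.sessions[(out.src, out.dst)] = (pkt.vni, pkt.inner_src)
        return out

    def to_vpc(self, pkt: VlanPacket) -> Optional[VxlanPacket]:
        """VLAN -> VXLAN. Returns None (drop) for a reply that matches no request."""
        session = self.sessions.get((pkt.dst, pkt.src))
        if session is None:
            return None
        vni, tenant_addr = session
        return VxlanPacket(ext_src=self.gw_addr, ext_dst=pkt.dst, vni=vni,
                           inner_src=self.reverse[(pkt.src, vni)],
                           inner_dst=tenant_addr, data=pkt.data)


def run_scenario():
    """Replay packets 1 to 8 plus two constructed negative cases."""
    gw = VpcGateway("10.10.10.100", {
        ("100.64.10.10", 1111111): "10.10.10.101",
        ("100.64.10.10", 2222222): "10.10.10.101",
    })
    # Users A and B use the same inner address; only the VNI and VTEP differ.
    p1 = VxlanPacket("10.10.10.11", "10.10.10.100", 1111111, "192.168.1.100", "100.64.10.10")
    p2 = VxlanPacket("10.10.10.10", "10.10.10.100", 2222222, "192.168.1.100", "100.64.10.10")
    # Constructed: a tenant whose VNI has no entry in the mapping table.
    px = VxlanPacket("10.10.10.12", "10.10.10.100", 3333333, "192.168.1.100", "100.64.10.10")
    p3, p4, dropped = gw.to_private(p1), gw.to_private(p2), gw.to_private(px)
    # Packets 5 and 6 are the server's replies to packets 3 and 4.
    p7 = gw.to_vpc(VlanPacket("10.10.10.101", p3.src))
    p8 = gw.to_vpc(VlanPacket("10.10.10.101", p4.src))
    # Constructed: a packet from the server that answers no forwarded request.
    unsolicited = gw.to_vpc(VlanPacket("10.10.10.101", "10.10.10.12"))
    return p3, p4, dropped, p7, p8, unsolicited


if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

  • Keying the session on the VTEP and server addresses is enough for this scenario but cannot separate two tenants behind the same VTEP; a device handling that case would need a finer key, such as transport ports.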
  • step 501 a first packet sent by a user in a first-class network is received, wherein a first destination address carried by the first packet is a designated address in a second-class network, and the designated address neither belongs to an address range that has been configured for the first-class network nor belongs to an address range that has been configured for a third-class network.
  • step 502 the first destination address is converted to obtain a second destination address.
  • step 503 a second packet is generated according to the second destination address and the first packet.
  • step 504 the second packet is sent to the second-class network.
  • FIG. 15 is another diagram of an exemplary data transmission method according to some embodiments of the present disclosure. As shown in FIG. 15 , the method can include the following steps.
  • step 601 a first packet sent by a device in the second-class network is received, wherein the first packet carries a first source address.
  • the first source address is converted to a second source address, wherein the second source address is a designated address in the second-class network, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located.
  • step 603 a second packet is generated according to the second source address and the first packet.
  • step 604 the second packet is sent to the virtual private network where the virtual private network user is located.
  • some embodiments of the present disclosure further provide a method procedure using a VPC sending terminal, a Server Load Balancer (SLB), and a cloud server as interaction devices, as shown in FIG. 16 .
  • the VPC sending terminal includes: a VPC virtual machine and a VLAN Tunneling End Point (VTEP).
  • the interactions can be among any number of VPC sending terminals, any number of SLBs, and any number of cloud servers.
  • the VPC is a private cloud space rented by a user in a public cloud.
  • a private server space of the user is formed in the cloud by using virtualization technologies, which carries application services of the user, and is referred to as an application server or VPC virtualization.
  • the VPC virtual machine guarantees security of user data in respective rented application servers by using network isolation technologies.
  • the user can deploy application services associated with the business onto virtual machines of respective application servers, and various VPC virtual machines in the cloud process business procedures. For example, it is unnecessary for a bank system to own a database and a business processing server.
  • a transfer business is deployed in a VPC virtual machine in the cloud.
  • the VPC virtual machine bearing the transfer business and a cloud server implement the transfer business jointly.
  • each VPC virtual machine is also provided with a respective IP address.
  • the IP of the VPC virtual machine is 192.168.1.100.
  • VTEP is an abbreviation of VLAN Tunneling End Point, which is a device that is implemented by hardware or software.
  • the device supports VxLan and can be used as an intermediate layer to encapsulate and decapsulate a VxLan packet.
  • the VTEP encapsulates a VxLan header according to the virtual network identifier (VNI) and the IP, so as to encapsulate an original request packet sent by the application server.
  • the VPC sending terminal receives a data packet returned by the cloud server
  • the data packet also needs to be decapsulated by the VTEP to obtain the VxLan packet; the VTEP then acquires the VNI and the destination IP address of the inner-layer packet, determines the destination VPC virtual machine, and sends the inner-layer packet to that virtual machine.
  • the IP address of the VTEP is 10.10.10.11
  • the corresponding virtual network identifier is 1111111.
  • the SLB is a server load balancer, which can forward a request to achieve load balancing of various servers and cross-network access.
  • the SLB can be either hardware or a virtual apparatus running on hardware, and the SLB can communicate with either a cloud server network or a VTEP.
  • a private network internal IP of the SLB corresponding to a VPC user is pre-configured for the SLB, and the private network internal IP of the SLB is used to enable interaction between the SLB and the application server in the VPC network, such that the interaction between the SLB and the application server is similar to communication in the same private network.
  • the SLB further needs to store an association between an actual network address of the cloud server and the server address that is configured for the VPC user, such that the SLB can forward data communication between the VPC user and the cloud server.
  • the IP address of the SLB is 10.10.10.100.
  • the cloud server is a device that provides various cloud services for users. Various user requests forwarded by the SLB can be processed. An actual IP address of the cloud server is 10.10.10.101, and the IP address configured for the VPC user is 100.64.10.10.
  • the procedure can include the following steps.
  • step s 1 the VPC virtual machine sends an original request packet to request a service from the cloud server.
  • a source IP in the original request packet is the IP address (192.168.1.100) of the VPC virtual machine in the VPC sending terminal, and a destination IP is the private network internal IP address (100.64.10.10) of the cloud server pre-configured for the VPC user.
  • the VTEP encapsulates the original request packet based on the VxLan protocol to form a VxLan packet.
  • a header of the VxLan data packet carries an external source address (the private network internal IP address 10.10.10.11 of the VTEP), an external destination address (the private network internal IP address 10.10.10.100 of the SLB), a virtual network identifier 1111111, an internal source address (the IP address 192.168.1.100 of the VPC virtual machine in the VPC network), and an internal destination address (the cloud server IP address 100.64.10.10 configured for the user).
  • step s 3 the VTEP sends the request data packet to the SLB.
  • the SLB receives the request data packet and then parses the request data packet.
  • the request data packet is converted from the VxLAN format into the VLAN format.
  • the SLB parses the request data packet to obtain the original request packet, modifies a source IP in the original request packet into the IP address (10.10.10.100) of the SLB, modifies a destination IP address into the IP (10.10.10.101) of the cloud server, forms a forward request packet by keeping the data packet content in the original request packet unchanged, and sends the forward request packet to the cloud server.
  • step s 5 the SLB sends the forward request packet to the cloud server.
  • step s 6 after acquiring the request packet forwarded by the SLB, the cloud server correspondingly processes data in the data packet in the request packet and generates an original response packet.
  • step s 7 the original response packet is sent to the SLB according to the private network internal IP address of the SLB.
  • step s 8 after receiving the original response packet sent by the cloud server, the SLB parses the original response packet.
  • the response data packet is converted from the VLAN format into the VxLAN format.
  • the SLB modifies address content in the original response packet, modifies a source IP in the original response packet into the IP (100.64.10.10) of the cloud server, modifies a destination IP into the IP address (192.168.1.100) of the VPC virtual machine, and forms a forward response packet by keeping the data packet in the original response packet unchanged.
  • the forward response packet and information such as the virtual network identifier VNI (1111111) are encapsulated in a VxLan packet.
  • a header of the Vxlan data packet carries an external source address (the private network internal IP address 10.10.10.100 of the SLB), an external destination address (the private network internal IP address 10.10.10.11 of the VTEP), a virtual network identifier 1111111, an internal source address (the cloud server IP address 100.64.10.10 configured for the user), and an internal destination address (the IP address 192.168.1.100 of the VPC virtual machine in the VPC network).
  • step s 9 the SLB sends the forward response data packet to the VTEP.
  • step s 10 after receiving the encapsulated forward response data packet, the VTEP decapsulates the encapsulated forward response data packet, and determines a VPC virtual machine according to the VNI and the destination IP that are obtained after the decapsulation.
  • step s 11 the VTEP sends the response data packet obtained by the decapsulation to the VPC virtual machine to implement the whole interaction process between the application server and the cloud server.
  • some embodiments of the present disclosure further provide a method procedure implemented by using a VPC sending terminal, an SLB, and a cloud encryptor as interaction devices, as shown in FIG. 17 .
  • the VPC sending terminal includes: a VPC virtual machine and a VTEP.
  • the interaction can be applied among any number of VPC sending terminals, any number of SLBs, and any number of cloud encryptors.
  • an IP address of the VPC virtual machine is 192.168.1.100.
  • An IP address of the VTEP is 10.10.10.11, and a corresponding virtual network identifier is 1111111.
  • the IP address of the SLB is 10.10.10.100.
  • An actual IP address of the cloud encryptor is 10.10.10.101, and the IP address configured for the VPC user is 100.64.10.10.
  • the procedure can include the following steps.
  • step t 1 the VPC virtual machine sends an original to-be-encrypted request packet to request an encryption service from the cloud encryptor.
  • a source IP in the original to-be-encrypted request packet is the IP address (192.168.1.100) of the VPC virtual machine in the VPC sending terminal, and a destination IP is the private network internal IP address (100.64.10.10) of the cloud encryptor pre-configured for the VPC user.
  • the VTEP encapsulates the original to-be-encrypted request packet based on the Vxlan protocol to form a Vxlan packet.
  • a header of the Vxlan data packet carries an external source address (the private network internal IP address 10.10.10.11 of the VTEP), an external destination address (the private network internal IP address 10.10.10.100 of the SLB), a virtual network identifier 1111111, an internal source address (the IP address 192.168.1.100 of the VPC virtual machine in the VPC network), and an internal destination address (the cloud encryptor IP address 100.64.10.10 configured for the user).
  • step t 3 the VTEP sends the to-be-encrypted request data packet to the SLB.
  • step t 4 the SLB receives the to-be-encrypted request data packet and then parses the to-be-encrypted request data packet.
  • the to-be-encrypted request data packet is converted from the VxLAN format into the VLAN format.
  • the SLB parses the to-be-encrypted request data packet to obtain the original to-be-encrypted request packet, modifies a source IP in the original to-be-encrypted request packet into the IP address (10.10.10.100) of the SLB, modifies a destination IP address into the IP (10.10.10.101) of the cloud encryptor, forms a to-be-encrypted request forward packet by keeping the data packet content in the original to-be-encrypted request packet unchanged, and sends the to-be-encrypted request forward packet to the cloud encryptor.
  • step t 5 the SLB sends the to-be-encrypted request forward packet to the cloud encryptor.
  • step t 6 after acquiring the to-be-encrypted request forward packet forwarded by the SLB, the cloud encryptor correspondingly encrypts data in the data packet in the to-be-encrypted request forward packet and generates an original encrypted packet.
  • step t 7 the original encrypted packet is sent to the SLB according to the private network internal IP address of the SLB.
  • step t 8 after receiving the original encrypted packet sent by the cloud encryptor, the SLB parses the original encrypted packet.
  • the original encrypted packet is converted from the VLAN format into the VxLAN format.
  • the SLB modifies address content in the original encrypted packet, modifies a source IP in the original encrypted packet into the IP (100.64.10.10) of the cloud encryptor, modifies a destination IP into the IP address (192.168.1.100) of the VPC virtual machine, and forms a forward encrypted packet by keeping the data packet in the original encrypted packet unchanged.
  • the forward encrypted packet and information such as the virtual network identifier VNI (1111111) are encapsulated to obtain a VxLan packet.
  • a header of the Vxlan data packet carries an external source address (the private network internal IP address 10.10.10.100 of the SLB), an external destination address (the private network internal IP address 10.10.10.11 of the VTEP), a virtual network identifier 1111111, an internal source address (the cloud encryptor IP address 100.64.10.10 configured for the user), and an internal destination address (the IP address 192.168.1.100 of the VPC virtual machine in the VPC network).
  • step t 9 the SLB sends the encrypted data forward packet to the VTEP.
  • step t 10 after receiving the encapsulated encrypted data forward packet, the VTEP decapsulates the encapsulated encrypted data forward packet, and determines a VPC virtual machine according to the VNI and the destination IP that are obtained after the decapsulation.
  • step t 11 the VTEP sends the encrypted data packet obtained by the decapsulation to the VPC virtual machine to implement the whole interaction process between the application server and the cloud encryptor.
  • t 1 to t 11 are merely an example of the encryption process.
  • FIG. 18 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure. As shown in FIG. 18 , the network device includes the following units.
  • a receiving unit 71 has circuitry to receive a first packet sent by a virtual private network user, wherein a first destination address carried by the first packet is a designated address, and the designated address does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located.
  • a converting unit 72 has circuitry to convert the first destination address to a second destination address.
  • a generating unit 73 has circuitry to generate a second packet according to the second destination address and the first packet.
  • a sending unit 74 has circuitry to send the second packet to the exterior of the virtual private network where the virtual private network user is located.
  • the converting unit 72 has circuitry to parse the first packet to obtain an internal destination address and a virtual network identifier, determine the first destination address according to the internal destination address, and determine network identifier information of the virtual private network where the virtual private network user is located, search a pre-configured address mapping table for a destination address to which the first destination address and the network identifier information correspond jointly and when a destination address to which the first destination address and the network identifier information correspond jointly is found, determine the found destination address as the second destination address.
  • the generating unit 73 has circuitry to convert the first format to the second format when the first packet abides by the first format, and encapsulate packet information carried by the first packet and the second destination address according to the second format to obtain the second packet.
  • the generating unit 73 has circuitry to replace first header information abiding by the first format in the first packet with second header information abiding by the second format, wherein the first header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address, and the second header information includes at least a source address and a destination address; and encapsulate the second header information and the packet information to obtain the second packet, wherein a source address carried in the second header information is the address of the network device, and a carried destination address is the second destination address.
  • the sending unit 74 has circuitry to determine a next-hop device according to the second destination address and a routing table, wherein the next-hop device is located outside the virtual private network where the virtual private network user is located; and send the second packet to the next-hop device.
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a VPC network.
  • the first format is a VXLAN format
  • the second format is a VLAN format
  • FIG. 19 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • the network device can include the following units.
  • a receiving unit 81 configured to receive a first packet sent by a user in a first-class network, wherein a first destination address carried by the first packet is a designated address in a second-class network, and the designated address neither belongs to an address range that has been configured for the first-class network nor belongs to an address range that has been configured for a third-class network.
  • a converting unit 82 configured to convert the first destination address to obtain a second destination address.
  • a generating unit 83 configured to generate a second packet according to the second destination address and the first packet.
  • a sending unit 84 configured to send the second packet to the second-class network.
  • FIG. 20 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • the network device can include the following units.
  • a receiving unit 91 configured to receive a first packet sent by a second network device, wherein the first packet carries a first source address.
  • a converting unit 92 configured to convert the first source address to obtain a second source address, wherein the second source address is a designated address, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located.
  • a generating unit 93 configured to generate a second packet according to the second source address and the first packet.
  • a sending unit 94 configured to send the second packet to the interior of the virtual private network where the virtual private network user is located.
  • the converting unit 92 is specifically configured to parse the first packet to obtain the first source address, search a pre-configured address mapping table for a source address to which the first source address corresponds; and when a source address to which the first source address corresponds is found, determine the found source address as the second source address.
  • the generating unit 93 is specifically configured to convert the first format to the second format when the first packet abides by the first format, and encapsulate packet information carried by the first packet and the second source address according to the second format to obtain the second packet.
  • the generating unit 93 is further specifically configured to replace first header information abiding by the first format in the first packet with second header information abiding by the second format, wherein the first header information includes at least a source address and a destination address, and the second header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address; and encapsulate the second header information and the packet information to obtain the second packet, wherein a source address carried in the second header information is the address of the network device, and a carried destination address is the second destination address.
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a VPC network.
  • the first format is a VLAN format.
  • the second format is a VXLAN format.
  • FIG. 21 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • the network device can include the following units.
  • a receiving unit 1001 configured to receive a first packet sent by a device in a second-class network, wherein the first packet carries a first source address.
  • a converting unit 1002 configured to convert the first destination address to obtain a second source address, wherein the second source address is a designated address in the second-class network, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located.
  • a generating unit 1003 configured to generate a second packet according to the second destination address and the first packet.
  • a sending unit 1004 configured to send the second packet to the interior of the virtual private network where the virtual private network user is located.
  • the network device for data transmission provided in the embodiment of the present disclosure enables a user in a virtual private network to acquire various services provided by corresponding servers only by using a private network that can provide a business service, such that the user in the virtual private network does not need to acquire services by accessing other networks than the private network, thereby saving traffic for the user.
  • FIG. 22 is a schematic diagram of an exemplary network device for data transmission according to some embodiments of the present disclosure.
  • the exemplary network device (e.g., network device 110) can include a processor 1101 connected to one or more data storage tools.
  • the data storage tool can include a storage medium 1102 and a memory unit 1103 .
  • the network device 110 can further include an input interface 1104 and an output interface 1105 and is configured to communicate with another apparatus or system.
  • a program code that is executed by a CPU of the processor 1101 can be stored in the memory unit 1102 or the storage medium 1103 .
  • the processor 1101 in the network device 110 calls the program code to perform the following steps.
  • the receiving unit 1101 receives, through the input interface 1104 , a first packet sent by a virtual private network user, wherein a first destination address carried by the first packet is a designated address, and the designated address does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located; convert the first destination address to obtain a second destination address; generate a second packet according to the second destination address and the first packet; and send, through the output interface 1105 , the second packet to the exterior of the virtual private network where the virtual private network user is located.
  • the processor 1101 is further configured to parse the first packet to obtain an internal destination address and a virtual network identifier, determine the first destination address according to the internal destination address, and determine network identifier information of the virtual private network where the virtual private network user is located, search a pre-configured address mapping table for a destination address to which the first destination address and the network identifier information correspond jointly, and when a destination address to which the first destination address and the network identifier information correspond jointly is found, determine the found destination address as the second destination address.
  • the processor 1101 is further configured to convert the first format to the second format when the first packet meets the first format, and encapsulate packet information carried by the first packet and the second destination address according to the second format to obtain the second packet.
  • the processor 1101 is further configured to replace first header information meeting the first format in the first packet with second header information meeting the second format, wherein the first header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address, and the second header information includes at least a source address and a destination address, and encapsulate the second header information and the packet information to obtain the second packet, wherein a source address carried in the second header information is the address of the network device, and a carried destination address is the second destination address.
  • the processor 1101 is further configured to determine a next-hop device according to the second destination address and a routing table, wherein the next-hop device is located outside the virtual private network where the virtual private network user is located; and send the second packet to the next-hop device through the output interface 1105 .
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a VPC network.
  • the first format is a VXLAN format.
  • the second format is a VLAN format.
  • the processor 1101 is further configured to receive, through the input interface 1104 , a first packet sent by a user in a first-class network, wherein a first destination address carried by the first packet is a designated address in a second-class network, and the designated address neither belongs to an address range that has been configured for the first-class network nor belongs to an address range that has been configured for a third-class network; convert the first destination address to obtain a second destination address; generate a second packet according to the second destination address and the first packet; and send the second packet to the second-class network through the output interface 1105 .
  • the processor 1101 is further configured to receive, through the input interface 1104 , a first packet sent by a network device, wherein the first packet carries the first source address, and convert the first source address to obtain a second source address, wherein the second source address is a designated address, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located, generate a second packet according to the second source address and the first packet, and send, through the output interface 1105 , the second packet to the interior of the virtual private network where the virtual private network user is located.
  • the processor 1101 is further configured to parse the first packet to obtain the first source address, search a pre-configured address mapping table for a source address to which the first source address corresponds, and when a source address to which the first source address corresponds is found, determine the found source address as the second source address.
  • the processor 1101 is further configured to convert the first format to the second format when the first packet meets the first format, and encapsulate packet information carried by the first packet and the second source address according to the second format to obtain the second packet.
  • the processor 1101 is further configured to replace first header information meeting the first format in the first packet with second header information meeting the second format, wherein the first header information includes at least a source address and a destination address, and the second header information includes at least an internal source address, an internal destination address, a virtual network identifier, an external source address, and an external destination address; and encapsulate the second header information and the packet information to obtain the second packet, wherein a source address carried in the second header information is the address of the network device, and a carried destination address is the second destination address.
  • the designated address does not belong to an address range that has been configured for a designated network.
  • the designated address belongs to an address range from 100.64.0.0 to 100.64.0.10.
  • the virtual private network is a VPC network.
  • the first format is a VLAN format.
  • the second format is a VXLAN format.
  • the processor 1101 is further configured to receive, through the input interface 1104 , a first packet sent by a device in a second-class network, wherein the first packet carries a first source address; and convert the first destination address to obtain a second source address, wherein the second source address is a designated address in the second-class network, and the designated address does not belong to an address range that has been configured for a virtual private network where a virtual private network user is located; generate a second packet according to the second destination address and the first packet; and send, through the output interface 1105 , the second packet to the interior of the virtual private network where the virtual private network user is located.
  • the network device for data transmission provided in the embodiments of the disclosure enables a user in a virtual private network to acquire various services provided by corresponding servers only by using a private network that can provide a business service, such that the user in the virtual private network does not need to acquire services by accessing other networks than the private network, thereby saving traffic for the user.
  • the processor is a control center of the foregoing device (the device is the foregoing server or the foregoing client terminal), provides a processing apparatus configured to execute an instruction to perform an interruption operation, and provides a timing function and many other functions.
  • the processor includes one or more central processing units (CPUs), e.g., a CPU 0 and a CPU 1 shown in FIG. 22 .
  • the device includes one or more processors.
  • the processor can be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • a component described as being configured to perform a task can be implemented as a universal component temporarily configured to perform a task in a given period of time, or implemented as a specific component that is specifically manufactured to perform the task.
  • the term “processor” used here refers to one or more apparatuses, circuits and/or processor units that are configured to process data, e.g., computer program instructions.
  • a program code that is executed by a CPU of the processor can be stored in a memory unit or a storage medium.
  • the program code stored in the storage medium can be copied into the memory unit to be executed by the CPU of the processor.
  • the processor can execute at least one kernel (such as LINUX™, UNIX™, WINDOWS™, ANDROID™, and IOS™). It is well known that the kernel is configured to control operations of the foregoing device by controlling execution of other programs or processes, controlling communication with a peripheral apparatus and controlling use of computer device resources.
  • the integrated units may be stored in a computer-readable storage medium such as memory unit 1103 of FIG. 22 .
  • the software functional units can be stored in a storage medium and include several instructions for instructing a computer device or a processor to perform some or all of the steps of the method embodiments of the present disclosure.
  • the computer device may be a personal computer, a server, or a network device.
  • the foregoing storage medium can include any medium that can store program codes, such as a USB flash drive, a mobile hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disc.
  • the storage medium can be a non-transitory computer readable medium.
  • non-transitory media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM or any other flash memory, NVRAM, any other memory chip or cartridge, and networked versions of the same.
  • the units described as separate parts may or may not be physically separate. Parts displayed as units may or may not be physical units. They may be located in a same location or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • functional units in the embodiments of the present disclosure may be integrated into one processing unit. Each of the units may exist alone physically, or two or more units can be integrated into one unit.
  • the integrated unit may be implemented in a form of hardware or may be implemented in a form of a software functional unit.
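
The outbound path described above for the processor 1101 (parse the VXLAN packet, look up the first destination address jointly with the virtual network identifier, then re-encapsulate in VLAN format) is sketched below as an added example; it is not code from the patent. The mapping entries, the gateway address, the VLAN ids and the drop-on-miss behaviour are assumptions; only the designated range 100.64.0.0 to 100.64.0.10 comes from the text.

```python
import ipaddress
import struct

# Designated range from the text; everything else here is a constructed sample.
DESIGNATED_FIRST = ipaddress.IPv4Address("100.64.0.0")
DESIGNATED_LAST = ipaddress.IPv4Address("100.64.0.10")
GATEWAY_IP = ipaddress.IPv4Address("10.255.0.1")  # assumed address of the network device
# (first destination, VNI) -> (second destination, assumed VLAN id).
# Keying on the VNI as well keeps two tenants that use the same designated
# address from reaching each other's real destination.
ADDRESS_MAP = {
    (ipaddress.IPv4Address("100.64.0.5"), 5001): (ipaddress.IPv4Address("10.20.0.8"), 120),
    (ipaddress.IPv4Address("100.64.0.5"), 5002): (ipaddress.IPv4Address("10.30.0.9"), 130),
}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_vxlan_payload(vni, src, dst, data=b"ping"):
    """Constructed test input: VXLAN header + inner Ethernet + inner IPv4."""
    vxlan = struct.pack("!II", 0x08000000, vni << 8)       # I flag set, 24-bit VNI
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)  # zeroed MACs, IPv4
    # Protocol 253 (experimental) so no transport checksum is involved.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 253, 0,
                     src.packed, dst.packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return vxlan + eth + ip + data


def convert_outbound(vxlan_payload: bytes):
    """Return the VLAN-tagged second packet, or None when the packet is dropped."""
    if len(vxlan_payload) < 8 + 14 + 20:
        return None                                  # truncated input
    flags_word, vni_word = struct.unpack("!II", vxlan_payload[:8])
    if not flags_word & 0x08000000:                  # VNI not marked valid
        return None
    vni = vni_word >> 8
    eth = vxlan_payload[8:22]
    if struct.unpack("!H", eth[12:14])[0] != 0x0800:
        return None                                  # only inner IPv4 handled
    ip = vxlan_payload[22:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    first_dst = ipaddress.IPv4Address(ip[16:20])
    if not DESIGNATED_FIRST <= first_dst <= DESIGNATED_LAST:
        return None                                  # not a designated address
    hit = ADDRESS_MAP.get((first_dst, vni))
    if hit is None:
        return None                                  # assumption: fail closed on a miss
    second_dst, vlan_id = hit
    header = bytearray(ip[:ihl])
    header[12:16] = GATEWAY_IP.packed                # source becomes the device address
    header[16:20] = second_dst.packed                # destination becomes the mapped one
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    # A real translator must also fix TCP/UDP checksums, which cover the addresses.
    tag = struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)
    return eth[:12] + tag + eth[12:14] + bytes(header) + ip[ihl:]
```

The same designated address sent from VNI 5001 and from VNI 5002 resolves to different second destinations, and a VNI with no entry yields no packet at all.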

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
US16/364,064 2016-09-27 2019-03-25 Data transmission method and network device Active US11233766B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201610854615.XA CN107872542B (zh) 2016-09-27 2016-09-27 Data transmission method and network device
CN201610854615.X 2016-09-27
PCT/CN2017/102386 WO2018059284A1 (zh) 2016-09-27 2017-09-20 Data transmission method and network device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/102386 Continuation WO2018059284A1 (zh) 2016-09-27 2017-09-20 Data transmission method and network device

Publications (2)

Publication Number Publication Date
US20190222552A1 US20190222552A1 (en) 2019-07-18
US11233766B2 US11233766B2 (en) 2022-01-25

Family

ID=61752196

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/364,064 Active US11233766B2 (en) 2016-09-27 2019-03-25 Data transmission method and network device

Country Status (4)

Country Link
US (1) US11233766B2 (zh)
CN (1) CN107872542B (zh)
TW (1) TWI744359B (zh)
WO (1) WO2018059284A1 (zh)

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
First Chinese Office Action issued in related Chinese Application No. 201610854615.X, dated Jun. 18, 2020 (10 pgs.).
First Chinese Search Report issued in related Chinese Application No. 201610854615.X, dated Jun. 18, 2020 (2 pgs.).
PCT International Search Report and Written Opinion dated Dec. 11, 2017, issued in corresponding International Application No. PCT/CN2017/102386 (5 pgs.).

Also Published As

Publication number Publication date
TWI744359B (zh) 2021-11-01
TW201815131A (zh) 2018-04-16
US20190222552A1 (en) 2019-07-18
WO2018059284A1 (zh) 2018-04-05
CN107872542A (zh) 2018-04-03
CN107872542B (zh) 2021-05-04

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

AS Assignment

Owner name: ALIBABA GROUP HOLDING LIMITED, CAYMAN ISLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIAO, HAN;SUN, CHENGHAO;LIANG, JUN;SIGNING DATES FROM 20200623 TO 20200702;REEL/FRAME:056080/0338

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE